OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

xacml-users message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: Re: [xacml-users] Help on Condition ?

On Thu, 2008-12-11 at 07:03 -0600, Balaji Kannadassan wrote:
> Hi All!
>    I couldn't understand the use of condition tag :-(. Can someone
> brief me on the same and it would be helpful, 

In the target part of a policySet/policy/rule you can only apply a
restricted set of operations (the idea is that a target should be
evaluatable efficiently), i.e. you can only compare a single static
value with a single attribute value from the request/context handler.
For example you can not compare two attribute values from the request in
a target.

A condition allows you to formulate ... well ... conditions more freely.
Think of them as logical formulas that are evaluated with values from
the request (and the context handler). If the condition evaluates to
'true' the rule is applicable and it's effect is returned to the
combining-algorithm, if the condition evaluates to 'false' the rule
returns 'NotApplicable'.

Note that the condition is applied additionally to the targets of all
ancestor elements, so it is not evaluated if any of those don't match.

> BTW obligation is usually request rt in plain english :-),  Why is
> that it has been said that Obligation are must do kind of activities ?
> just interested to know..  

Sorry I don't understand that question. Could you explain?


Ludwig Seitz

Ludwig Seitz, PhD             |   Axiomatics AB
Training & Development        |   Electrum 223
Phone: +46 (0)703 83 08 00    |   S-164 40 Kista, Sweden
Mail: ludwig@axiomatics.com   |

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]